Security update for virtualbox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1451-1 Final 1 1 2016-05-31T13:34:36Z current 2016-05-31T13:34:36Z 2016-05-31T13:34:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for virtualbox virtualbox was updated to 5.0.18 and also fixes the following issues: Version bump to 5.0.18 (released 2016-04-18 by Oracle) This is a maintenance release. The following items were fixed and/or added: GUI: position off-screen windows to be fully visible again on relaunch in consistence with default-behavior (bug #15226) GUI: fixed the View menu / Full-screen Mode behavior on Mac OS X El Capitan GUI: fixed a test which allowed to encrypt a hard disk with an empty password GUI: fixed a crash under certain conditions during VM shutdown GUI: fixed the size of the VM list scrollbar in the VM selector when entering a group PC speaker passthrough: fixes (Linux hosts only; bug #627) Drag and drop: several fixes SATA: fixed hotplug flag handling when EFI is used Storage: fixed handling of encrypted disk images with SCSI controllers (bug #14812) Storage: fixed possible crash with Solaris 7 if the BusLogic SCSI controller is used USB: properly purge non-ASCII characters from USB strings (bugs #8801, #15222) NAT Network: fixed 100% CPU load in VBoxNetNAT on Mac OS X under certain circumstances (bug #15223) ACPI: fixed ACPI tables to make the display color management settings available again for older Windows versions (4.3.22 regression) Guest Control: fixed VBoxManage copyfrom command (bug #14336) Snapshots: fixed several problems when removing older snapshots (bug #15206) VBoxManage: fixed --verbose output of the guestcontrol command Windows hosts: hardening fixes required for recent Windows 10 insider builds (bugs #15245, #15296) Windows hosts: fixed support of jumbo frames in with bridged networking (5.0.16 regression; bug #15209) Windows hosts: don't prevent receiving multicast traffic if host-only adapters are installed (bug #8698) Linux hosts: added support for the new naming scheme of NVME disks when creating raw disks Solaris hosts / guests: properly sign the kernel modules (bug #12608) Linux hosts / guests: Linux 4.5 fixes (bug #15251) Linux hosts / guests: Linux 4.6 fixes (bug #15298) Linux Additions: added a kernel graphics driver to support graphics when X.Org does not have root rights (bug #14732) Linux/Solaris Additions: fixed several issues causing Linux/Solatis guests using software rendering when 3D acceleration is available Windows Additions: fixed a hang with PowerPoint 2010 and the WDDM drivers if Aero is disabled Additional bugfixes: * Fix start failure of vboxadd service routine This script fails because /var/lib/VBoxGuestAdditions/config does not exist; however, there is no need for this file. That service routine is modified. (boo#977328). * Add missing initialization of scanout buffer base and size for proper fbdev support. * Add support for delayed_io in fbdev-layer. (boo#977200). - This submission fixes the bug in VB 5.0.18 that prevents proper operation for guest VMs configured to use a LsiLogic adapter for disks. See ticket: https://www.virtualbox.org/ticket/15317 for a description of the problem, and changeset: https://www.virtualbox.org/changeset/60565/vbox for the fix, which is implemented in file 'changeset_60565.diff'. This update contains a fix for CVE-2016-0678. Bug report boo#976636 discusses this vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-05/msg00130.html E-Mail link for openSUSE-SU-2016:1451-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 python-virtualbox-5.0.18-16.1 virtualbox-5.0.18-16.1 virtualbox-devel-5.0.18-16.1 virtualbox-guest-desktop-icons-5.0.18-16.1 virtualbox-guest-kmp-default-5.0.18_k4.1.21_14-16.1 virtualbox-guest-tools-5.0.18-16.1 virtualbox-guest-x11-5.0.18-16.1 virtualbox-host-kmp-default-5.0.18_k4.1.21_14-16.1 virtualbox-host-source-5.0.18-16.1 virtualbox-qt-5.0.18-16.1 virtualbox-websrv-5.0.18-16.1 python-virtualbox-5.0.18-16.1 as a component of openSUSE Leap 42.1 virtualbox-5.0.18-16.1 as a component of openSUSE Leap 42.1 virtualbox-devel-5.0.18-16.1 as a component of openSUSE Leap 42.1 virtualbox-guest-desktop-icons-5.0.18-16.1 as a component of openSUSE Leap 42.1 virtualbox-guest-kmp-default-5.0.18_k4.1.21_14-16.1 as a component of openSUSE Leap 42.1 virtualbox-guest-tools-5.0.18-16.1 as a component of openSUSE Leap 42.1 virtualbox-guest-x11-5.0.18-16.1 as a component of openSUSE Leap 42.1 virtualbox-host-kmp-default-5.0.18_k4.1.21_14-16.1 as a component of openSUSE Leap 42.1 virtualbox-host-source-5.0.18-16.1 as a component of openSUSE Leap 42.1 virtualbox-qt-5.0.18-16.1 as a component of openSUSE Leap 42.1 virtualbox-websrv-5.0.18-16.1 as a component of openSUSE Leap 42.1 Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core. CVE-2016-0678 openSUSE Leap 42.1:python-virtualbox-5.0.18-16.1 openSUSE Leap 42.1:virtualbox-5.0.18-16.1 openSUSE Leap 42.1:virtualbox-devel-5.0.18-16.1 openSUSE Leap 42.1:virtualbox-guest-desktop-icons-5.0.18-16.1 openSUSE Leap 42.1:virtualbox-guest-kmp-default-5.0.18_k4.1.21_14-16.1 openSUSE Leap 42.1:virtualbox-guest-tools-5.0.18-16.1 openSUSE Leap 42.1:virtualbox-guest-x11-5.0.18-16.1 openSUSE Leap 42.1:virtualbox-host-kmp-default-5.0.18_k4.1.21_14-16.1 openSUSE Leap 42.1:virtualbox-host-source-5.0.18-16.1 openSUSE Leap 42.1:virtualbox-qt-5.0.18-16.1 openSUSE Leap 42.1:virtualbox-websrv-5.0.18-16.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-05/msg00130.html https://www.suse.com/security/cve/CVE-2016-0678.html CVE-2016-0678 https://bugzilla.suse.com/976636 SUSE Bug 976636